kleopatra flatpak issue
kevinotech at proton.me
kevinotech at proton.me
Wed Mar 26 16:43:38 CET 2025
Okay so an update on this issue , if i am correct this may not really be an issue with kleopatra flatpak itself and things might be running as expected. After posting here I went to the bug kde bug tracking system to see similar issues reported and i saw an informational bug ticket which said "Kleopatra `needs a running gpg-agent from the host to work"`.Bug report link https://bugs.kde.org/show_bug.cgi?id=459041 So from this i conclude that flatpak indeed needs to rely on the host gpg-agent to conduct the crypto operations. Possibly reasons could be because gpg-agent daemon needs system integration to perform the secret operations in secure manner which flatpaks can't probably do with its sandbox approach. I am no expert in Linux packaging but this is what i assume something related to this . Though i feel the warning messages are incorrect , as killing gpg-agent won't use newer versions of gpg-agent automatically.
In a related issue to this issue , can someone tell the proper steps to follow for changing all the gpg-agent.service , scdaemon.service and keyboxd.service files when manually compiling gpg to updated versions . For example i had compiled and installed the latest package and dependencies in the directory `/usr/local/bin' and added this to path . But still the older gpg-agent and scdaemon were running despite killing and restarting multiple times. Also on most linux systems removing the default gnupg installation is not possible as core DE components and applications rely on it. I checked the docs but it seems this information is not properly documented. So a list of files i need to check including config changes would be helpful.
Thanking you
kevin
On Wednesday, 26 March 2025 at 17:17, kevinotech at proton.me <kevinotech at proton.me> wrote:
> hello everyone , this i my first question on the mailing list :) . Hopefully this is the right place to ask questions related to kleopatra.
> i am using kleopatra (flatpak version) on my Linux mint 22.1 (base noble) machine and when i am doing any function like encryption or decryption on kleopatra, the actual operation is a success but on inspecting the audit log i am seeing the following warning messages.
>
> > gpg: WARNING: server 'keyboxd' is older than us (2.4.4 < 2.5.1)gpg: WARNING: server 'gpg-agent' is older than us (2.4.4 < 2.5.1)
> > gpg: Note: Outdated servers may lack important security fixes.
> > gpg: Note: Use the command "gpgconf --kill all" to restart them
>
>
>
> kelopatra about section shows gpg version 2.5.1 and libgcrypt version 1.11.0 but my linux system has gpg version 2.4.4. and libgcrypt v 1.10.3. So the warning may indicate that kleopatra might still be using my host systems gpg-agent and keyboxd. I tried the suggested fix for it by killing gpg-agent but even after many tries the warning still persist. While most people would just ignore such warning as the operation still works but i decided to dig in to find a solution for this.(hopefully also push ubuntu to upgrade their gpg packaged version). I suspect this could be related to some systemd service of the gpg-agent or keyboxd of the host which is set to restart automatically , thus causing conflicts. Though i am not entirely sure of this. A solution for this would to manually install the updated version of gpg on my system and set it as default path but that won't solve the issue permanently and may not be desirable step in every case. Usually flatpaks bring their own binary version so it must be able to leverage the updated versions of gpg. Also to note that i had earlier manually changed the keydatabse method from keyring.kbx to keyboxd as per instuctions in docs , but the behaviour should remain the same.
> Here is my complete build info for kleopatra and system info.
>
> > Kleopatra: 4.0.0.241203 (24.12.3) , KDE Frameworks: 6.12.0, Qt: Using 6.8.2 and built against 6.8.2, KDE Flatpak runtime (Xcb), Build ABI: x86_64-little_endian-lp64, Kernel: linux 6.8.0-56-generic
> > System info - Distro: Linux Mint 22.1 Xia base: Ubuntu 24.04 noble, Kernel: 6.8.0-56-generic arch: x86_64
>
> Any suggestions for tackling this problem is greatly appreciated. Also thanks to developers for their work on gnupg Its a wonderful free software and i have been reading into a lot details lately :)
>
> Best regards
> kevin
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20250326/118b0012/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: publickey - kevinotech at proton.me - 0xF9F43E49.asc
Type: application/pgp-keys
Size: 791 bytes
Desc: not available
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20250326/118b0012/attachment.key>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 343 bytes
Desc: OpenPGP digital signature
URL: <https://lists.gnupg.org/pipermail/gnupg-users/attachments/20250326/118b0012/attachment.sig>
More information about the Gnupg-users
mailing list